authorMichael Steinert <mike.steinert@gmail.com>2012-12-11 12:42:31 -0700
committerAlan Antonuk <alan.antonuk@gmail.com>2013-04-17 09:56:29 -0700
commitcde990f4aa1c9fdb19f0a703175be7e4af2926ed (patch)
tree1dff854e8b85ea39a768be080177f156c3a94277
parent2b5f22f0cf192b787c37ff39e456f1a57810098c (diff)
Enable SSL hostname verification by default
Signed-off-by: Michael Steinert <mike.steinert@gmail.com>
-rw-r--r--.gitignore1
-rw-r--r--Makefile.am3
-rw-r--r--configure.ac2
-rw-r--r--librabbitmq/amqp_gnutls.c3
-rw-r--r--librabbitmq/amqp_openssl.c2
-rw-r--r--librabbitmq/amqp_polarssl.c1
-rw-r--r--librabbitmq/amqp_ssl_socket.h2
7 files changed, 7 insertions, 7 deletions
diff --git a/.gitignore b/.gitignore
index a33a375..797169a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,6 +42,7 @@ examples/amqps_producer
examples/amqps_sendstring
examples/amqps_unbind
librabbitmq.pc
+test-driver
tests/test_parse_url
tests/test_tables
tools/amqp-consume
diff --git a/Makefile.am b/Makefile.am
index 3201f7d..d8b4554 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -78,9 +78,6 @@ include_HEADERS += librabbitmq/amqp_ssl_socket.h
endif
if REGENERATE_AMQP_FRAMING
-BUILT_SOURCES = \
- $(top_builddir)/librabbitmq/amqp_framing.h \
- $(top_builddir)/librabbitmq/amqp_framing.c
if PYTHON3
codegen_py = $(top_builddir)/librabbitmq/python3/codegen3.py
diff --git a/configure.ac b/configure.ac
index dce2d1b..c4b058b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -203,5 +203,5 @@ $PACKAGE_NAME build options:
SSL/TLS: $with_ssl
Tools: $enable_tools
Documentation: $enable_docs
- Examples: $enable_examples
+ Examples: $enable_examples
])
diff --git a/librabbitmq/amqp_gnutls.c b/librabbitmq/amqp_gnutls.c
index 93273d7..6339281 100644
--- a/librabbitmq/amqp_gnutls.c
+++ b/librabbitmq/amqp_gnutls.c
@@ -221,6 +221,8 @@ amqp_ssl_socket_new(void)
if (GNUTLS_E_SUCCESS != status) {
goto error;
}
+ gnutls_certificate_set_verify_function(self->credentials,
+ amqp_ssl_verify);
status = gnutls_credentials_set(self->session, GNUTLS_CRD_CERTIFICATE,
self->credentials);
if (GNUTLS_E_SUCCESS != status) {
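Review bot: The verify callback is installed unconditionally at socket creation, so whether the enable/disable option documented in amqp_ssl_socket.h can still turn verification off depends on code outside this hunk. Either the disable path has to clear the callback, or amqp_ssl_verify has to consult a per-socket flag. The body of amqp_ssl_verify is not visible here, so confirm that it rejects the handshake on both a failed chain check and a hostname mismatch, and that the expected hostname is available to it before the handshake starts. A short comment above the call would record the intent, e.g. `/* verification is on by default; the callback must fail the handshake on chain or hostname errors */`. amqp_ssl_socket_new starts and ends outside the hunk.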
@@ -274,7 +276,6 @@ amqp_ssl_socket_set_key(amqp_socket_t *base,
if (0 > status) {
return -1;
}
-
return 0;
}
diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index c3451ae..7054859 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -351,7 +351,7 @@ password_cb(AMQP_UNUSED char *buffer,
AMQP_UNUSED int rwflag,
AMQP_UNUSED void *user_data)
{
- amqp_abort("don't use password protected keys!");
+ amqp_abort("rabbitmq-c does not support password protected keys");
return 0;
}
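Review bot: password_cb still calls amqp_abort, so an encrypted private key appears to terminate the host process rather than fail the key load; this hunk only rewords the message. If amqp_abort does not return, as its name suggests, the `return 0;` after it is unreachable and a misconfigured key file becomes an availability problem for any application linking the library. Consider dropping the abort and letting the callback return without a passphrase, so the key-loading call fails and the error reaches the caller as a normal return code. The callback's signature begins outside the hunk.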
diff --git a/librabbitmq/amqp_polarssl.c b/librabbitmq/amqp_polarssl.c
index 1c7c9f3..8616df3 100644
--- a/librabbitmq/amqp_polarssl.c
+++ b/librabbitmq/amqp_polarssl.c
@@ -211,6 +211,7 @@ amqp_ssl_socket_new(void)
ssl_set_endpoint(self->ssl, SSL_IS_CLIENT);
ssl_set_rng(self->ssl, ctr_drbg_random, self->ctr_drbg);
ssl_set_ciphersuites(self->ssl, ssl_default_ciphersuites);
+ ssl_set_authmode(self->ssl, SSL_VERIFY_REQUIRED);
self->session = calloc(1, sizeof(*self->session));
if (!self->session) {
goto error;
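Review bot: `ssl_set_authmode(self->ssl, SSL_VERIFY_REQUIRED)` makes PolarSSL require a valid certificate chain, but on its own it does not compare the certificate name with the server being contacted. In the PolarSSL 1.x API the expected name is the `peer_cn` argument of `ssl_set_ca_chain`, and passing NULL there skips the name check. That call is not in this hunk, so confirm that the CA-setup or open path passes the target hostname; otherwise the "hostname verification" in the commit title would not hold for this backend. A comment next to the new line would make the dependency explicit, e.g. `/* chain is verified here; the hostname is checked only if peer_cn is passed to ssl_set_ca_chain */`. amqp_ssl_socket_new continues outside the hunk.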
diff --git a/librabbitmq/amqp_ssl_socket.h b/librabbitmq/amqp_ssl_socket.h
index 693ea96..c2f40b3 100644
--- a/librabbitmq/amqp_ssl_socket.h
+++ b/librabbitmq/amqp_ssl_socket.h
@@ -95,7 +95,7 @@ amqp_ssl_socket_set_key_buffer(amqp_socket_t *self,
* Enable or disable peer verification.
*
* If peer verification is enabled then the common name in the server
- * certificate must match the server name. Peer verification is disabled by
+ * certificate must match the server name. Peer verification is enabled by
* default.
*
* \param [in,out] self An SSL/TLS socket object.
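Review bot: The comment now states that peer verification is enabled by default for the whole API, but only amqp_gnutls.c and amqp_polarssl.c gain a default in this commit; the amqp_openssl.c hunk changes nothing but an abort message. Unless the OpenSSL backend already verified by default before this change (not visible here), the documentation and behaviour diverge for OpenSSL builds, and callers reading the header would assume protection they do not have. It may also be worth documenting the consequence for existing callers, if it is the intended behaviour, e.g. `* default, so a CA certificate must be configured before connecting.`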